Go to listing page

Cyware Daily Threat Intelligence August 31, 2021

Cyware Daily Threat Intelligence August 31, 2021

Share Blog Post

The ever-changing digital age has expanded the scope of cybercrime as threat actors latch on to different online business tools to launch their malicious intents. A series of cyberattacks that exploited a flaw in the ShowDoc online tool was used to distribute a variety of botnets and cryptomining malware. Among the botnets used, are variants of Srv-Hello, BillGates, and Mirai.

Meanwhile, organizations should gear up the security update process as the exploitation of several vulnerabilities is anticipated. HPE has warned about a high-severity Sudo bug that impacts several endpoint systems, including the Aruba AirWave management platform. Additionally, several companies such as RedHat and Sophos have released security advisories for two recently patched OpenSSL vulnerabilities impacting their products.   

Top Breaches Reported in the Last 24 Hours

Cream Finance hacked
Hackers have stolen over $29 million in cryptocurrency from a DeFi platform named Cream Finance. The attackers took advantage of a flaw in the flash loan feature in the website to withdraw funds repeatedly. 

Fujitsu confirms data leak
Fujitsu has revealed that some of its customers’ data is being sold on the Marketo dark web marketplace. The data is believed to have been stolen in an attack that occurred in May. 

DuPage Medical Group attacked
DuPage Medical Group is notifying about 600,000 patients that their personal information may have been compromised during a July cyberattack. The attack occurred after attackers gained unauthorized access to networks.

Data leak due to eHAC app
A misconfigured server belonging to the Indonesian government's COVID-19 eHAC app had exposed data of over 1 million people. The compromised data included personal and medical details of users.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable GitHub Copilot language
A group of researchers discovered that roughly 40% of the code generated by the GitHub Copilot language model is vulnerable. Some of the vulnerabilities include out-of-bounds write, cross-site scripting, out-of-bounds read, OS command injection, improper input validation, SQL injection, use-after-free, path traversal, unrestricted file upload, and missing authentication.

A new side-channel attack
Researchers have uncovered a new Meltdown-like attack that can be launched against systems using AMD’s Zen processors. Malicious attackers can abuse the memory of AMD’s Zen and Zen 2 chips, namely the Epyc 7262, Ryzen 7 2700X, and the Threadripper 2990WX, to steal keys and passwords.  

ShowDoc flaw exploited
A vulnerability impacting the ShowDoc tool was abused in a series of cyberattacks to spread botnets and mining software. The implanted botnets were also found capable of launching DDoS attacks. Some of the malware families used in the attacks include Srv-Hello, BillGates, and Mirai. A security patch for the vulnerability has been issued in August last year.   

Flawed Fortress security systems 
Multiple vulnerabilities discovered in home security systems provided by Fortress Security Store can allow threat actors to eavesdrop on users. Two of these vulnerabilities (CVE-2021-39276 and CVE-2021-39277) are rated medium severity and can be exploited remotely.   

Sudo bug discovered
HPE has issued a warning about a high-severity vulnerability found in Sudo open source program. The flaw can be exploited by attackers to gain unauthorized root privileges on a vulnerable host. It is tracked as CVE-2021-3156 and is believed to impact millions of endpoint devices and systems. Meanwhile, Sudo had fixed the flaw earlier this year. 

OpenSSL flaws being patched
Several Companies using OpenSSL in their products have started releasing security advisories for two recently patched vulnerabilities. However, QNAP is still working on security updates to address the flaws.   

Top Scams Reported in the Last 24 Hours

Expired Driver’s Licenses misused
Scammers are using expired driver’s licenses in a bid to steal the personal information of users. The scam is carried out via text messages that pretend to be from the state motor vehicle agencies. The message asks the recipients to renew their licenses by clicking on the link.  

 Tags

showdoc online tool
fortress security system
mirai
openssl vulnerabilities
mining software
meltdown like attack
ddos attacks
cream finance

Posted on: August 31, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.